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Remarks 

The Office Action mailed October 7, 2005 has been carefully reviewed and the foregoing 
amendment has been made in consequence thereof 

Claims 1-89 are now pending in this application* Claims 1-118 stand rejected. Claims 
90-1 18 have been cancelled. 

In accordance with 37 C.F.R. 1.136(a), a three-month extension of time is submitted 
herewith to extend the due date of the response to the Office Action dated October 7, 2005, for 
the above-identified patent application from January 7, 2006, through and including April 7, 
2006. In accordance with 37 C.F.R. 1,1 7(a)(3), authorization to charge a deposit account in the 
amount of $1,020.00 to cover this extension of time request also is submitted herewith. 

The rejection of Claims 1-30, 99-1 10 and 1 15-1 18 under 35 U.S.C. § 101 as being 
directed to non-statutory subject matter is respectfully traversed. 

The Office Action asserts that "Claim 1 does not require any technology" and therefore is 
directed to non-statutory subject matter. Applicants respectfully traverse this assertion. 
However, Applicants have amended independent Claim 1, Applicants submit that the claims of 
the present patent application are directed to practical applications in the technological arts. 
"Any sequence of operational steps can constitute a process within the meaning of the Patent Act 
so long as it is part of the technological arts," In re Musgrave, 431 F,2d 882 (C.C.P.A. 1970). 
Moreover, Applicants submit that Claim 1 does recite certain technology. Claim 1 is therefore 
directed to a practical application in the technological arts. 

Dependent Claims 2-30 depend from independent Claim 1, and these dependent Claims 
are submitted to satisfy the requirements of Section 101 for the same reasons set forth above with 
respect to independent Claim 1 . 

Claims 99-1 10 and 115-118 have been cancelled. 

For at least the reasons set forth above, Applicants respectfully request that the Section 
101 rejection of Claims 1-30, 99-1 10 and 1 15-1 18 be withdrawn. 
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The rejection of Claims 1-118 under 35 U.S.C. § 1 12, second paragraph, is respectfully 
traversed. Applicants respectfully submit that Claims 1-118 satisfy section 1 12, second 
paragraph. More specifically. Applicants respectfully submit that Claims 1-1 18 are definite and 
particularly point out and distinctly claim the subject matter of the invention. Applicants, 
however, have amended independent Claims 1, 31, 63 and 76. Applicants have also cancelled 
Claims 90-1 18. Accordingly, Applicants respectfully submit that Claims 1-89 are definite and 
particularly point out and distinctly claim the subject matter of the invention. For at least the 
reasons set forth above, Applicants respectfully request that the rejection of Claims 1-118 under 
35 U.S.C, § 1 12, second paragraph, be withdrawn* 

The rejection of Claims 1-118 under 35 U.S.C. § 102(e) as being anticipated by Swor et 
al. (U.S. Patent No. 6,148,297) ("Swor") is respectfully traversed. 

Applicants respectfully submit that Swor does not describe or suggest the claimed 
invention. As discussed below, at least one of the differences between Swor and the present 
invention is that Swor does not describe or suggest a method for conducting a compliance risk 
assessment and mitigation process that includes storing in a database compliance information 
including at least one questionnaire relating to compliance, compliance requirements for each 
functional area within a business, and persons responsible for compliance within each functional 
area within the business, displaying a questionnaire on a client system associated with a person 
responsible for compliance with at least one functional area within the business, processing a 
response to the displayed questionnaire, and prioritizing compliance risks for the business 
including identifying compliance risks for each functional area within the business, and 
prioritizing the compliance risks from high to low based on a severity rating of non-compliance. 

Moreover, Applicants submit that Swor does not describe or suggest identifying, for each 
compliance risk identified, potential compliance failure modes and potential causes and effects 
of such compliance failure modes, and calculating a risk prioritization number (RPN) for each 
compliance risk identified based on the data stored in the database wherein the RPN represents a 
relative compliance risk of a particular failure mode. 

Furthermore, Applicants submit that Swor does not describe or suggest implementing risk 
monitoring and control mechanisms to mitigate compliance risks based on the calculated RPNs* 
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Swor describes an interactive system and method having at least two subsystems: one for 
providing exposure and incident information to a healthcare worker and another for collecting 
exposure and incident data at a healthcare facility in a confidential manner. The system includes 
input/output devices and a processor for accessing and displaying information on a desired 
healthcare topic and for collecting, via a series of interactive screens, accident data for 
subsequent collation within a facility and/or on a multifacility scale, such as for regulatory 
compliance. Data collection is preferably done in a confidential manner, and a report is 
generated that includes a risk assessment and recommended follow up procedures* The 
input/output devices are preferably located in close proximity to an area having a relatively high 
likelihood of exposures or incidents, for permitting the user ready access to desired information* 

Claim 1 recites a method for conducting a consistent, documented and yet repeatable 
compliance risk assessment and mitigation process, using a network-based system including a 
server system coupled to a centralized database and at least one client system, the method 
includes "storing in the database compliance information including at least one questionnaire 
relating to compliance, compliance requirements for each functional area within a business, and 
persons responsible for compliance within each functional area within the business. . .displaying 
a questionnaire on a client system associated with a person responsible for compliance with at 
least one functional area within the business, the questionnaire is transmitted from the server 
system to the client system of the compliance person and is generated using the compliance 
information stored within the database. . .receiving at the server a response inputted by the 
compliance person to the displayed questionnaire* * .processing the response to the displayed 
questionnaire at the server. . .prioritizing compliance risks for the business including identifying 
compliance risks for each functional area within the business, and prioritizing the compliance 
risks from high to low based on a severity rating of non-compliance. . .identifying, for each 
compliance risk identified, potential compliance failure modes and potential causes and effects 
of such compliance failure modes. . storing the risks, the risk priority, the failure modes, and the 
causes and effects in the database. . .calculating a risk prioritization number (RPN) for each 
compliance risk identified based on the data stored in the database, wherein the RPN represents a 
relative compliance risk of a particular failure mode. . .and implementing risk monitoring and 
control mechanisms to mitigate compliance risks based on the calculated RPNs." 



22 



60709-00012 
PATENT 

Swor does not describe or suggest a method as recited in Claim 1. More specifically, 
Swor does not describe or suggest a method for conducting a compliance risk assessment and 
mitigation process that includes storing in a database compliance information including at least 
one questionnaire relating to compliance, compliance requirements for each functional area 
within a business, and persons responsible for compliance within each functional area within the 
business, displaying a questionnaire on a client system associated with a person responsible for 
compliance with at least one functional area within the business, processing a response to the 
displayed questionnaire, and prioritizing compliance risks for the business including identifying 
compliance risks for each functional area within the business, and prioritizing the compliance 
risks from high to low based on a severity rating of non-compliance. 

Moreover, Swor does not describe or suggest identifying, for each compliance risk 
identified, potential compliance failure modes and potential causes and effects of such 
compliance failure modes, and calculating a risk prioritization number (RPN) for each 
compliance risk identified based on the data stored in the database wherein the RPN represents a 
relative compliance risk of a particular failure mode. 

Furthermore, Swor does not describe or suggest implementing risk monitoring and 
control mechanisms to mitigate compliance risks based on the calculated RPNs, 

Rather, Swor describes a health care information and data tracking system having at least 
two subsystems: one for providing exposure and incident information to a healthcare worker and 
another for collecting exposure and incident data at a healthcare facility in a confidential manner. 
Swor does not describe or suggest a method for conducting a compliance risk assessment and 
mitigation process a recited in Claim 1 . For example, Swor does not describe or suggest 
calculating a risk prioritization number (RPN) for each compliance risk identified based on the 
data stored in the database wherein the RPN represents a relative compliance risk of a particular 
failure mode, and implementing risk monitoring and control mechanisms to mitigate compliance 
risks based on the calculated RPNs. Accordingly, Applicants respectfully submit that Claim 1 is 
patentable over Swor. 

For at least the reasons as set forth above, Applicants respectfully request that the 35 
U.S.C, § 102(e) rejection of Claim 1 be withdrawn. 
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Claims 2-30 depend from independent Claim 1 which is submitted to be in condition for 
allowance. When the recitations of Claims 2-30 are considered in combination with the 
recitations of Claim 1, Applicants submit that dependent Claims 2-30 are also patentable over 
Swor. 

Claim 31 recites a system for identifying and quantifying compliance that includes at 
least one computer, a database for storing compliance information including at least one 
questionnaire relating to compliance, compliance requirements for each functional area within a 
business, and persons responsible for compliance within each functional area within the business, 
and a server, wherein the server is configured to "display a questionnaire on said computer 
associated with a person responsible for compliance with at least one functional area within the 
business, the questionnaire is transmitted from said server to said computer of the compliance 
person and is generated using the compliance information stored within the database. . .receive a 
response inputted by the compliance person to the displayed questionnaire, , .process the response 
to the displayed questionnaire. . .prioritize compliance risks for the business including identifying 
compliance risks for each functional area within the business, and prioritizing the compliance 
risks from high to low based on a severity rating of non-compliance. . .identify, for each 
compliance risk identified, potential compliance failure modes and potential causes and effects 
of such compliance failure modes. . .store the risks, the risk priority, the failure modes, and the 
causes and effects in the database. . .calculate a risk prioritization number (RPN) for each 
compliance risk identified based on the data stored in the database, wherein the RPN represents a 
relative compliance risk of a particular failure mode. . .and recommend risk monitoring and 
control mechanisms to mitigate compliance risks based on the calculated RPNs." 

Claim 31, as herein amended, recites a system for identifying and quantifying compliance 
that includes a server configured to perform steps essentially similar to those recited in Claim L 
Thus, it is submitted that Claim 3 1 is patentable over Swor for reasons that correspond to those 
given with respect to Claim 1 . 

For at least the reasons as set forth above, Applicants respectfully request that the 35 
U.S.C § 102(e) rejection of Claim 31 be withdrawn. 
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Claims 32-62 depend from independent Claim 31 which is submitted to be in condition 
for allowance. When the recitations of Claims 32-62 are considered in combination with the 
recitations of Claim 31, Applicants submit that dependent Claims 32-62 are also patentable over 
Swor. 

Claim 63 recites a computer programmed to "store in a database compliance information 
including at least one questionnaire relating to compliance, compliance requirements for each 
functional area within a business, and persons responsible for compliance within each functional 
area within the business. . .display a questionnaire for a person responsible for compliance with at 
least one functional area within the business, the questionnaire is generated using the compliance 
information stored within the database. . .receive a response inputted by the compliance person to 
the displayed questionnaire. . .process the response to the displayed questionnaire. . .prioritize 
compliance risks for the business including identifying compliance risks for each functional area 
within the business, and prioritizing the compliance risks from high to low based on a severity 
rating of non-compliance. . .identify, for each compliance risk identified, potential compliance 
failure modes and potential causes and effects of such compliance failure modes. . .store the risks, 
the risk priority, the failure modes, and the causes and effects in the database. . .calculate a risk 
prioritization number (RPN) for each compliance risk identified based on the data stored in the 
database, wherein the RPN represents a relative compliance risk of a particular failure 
mode. . .and recommend risk monitoring and control mechanisms to mitigate compliance risks 
based on the calculated RPNs." 

Claim 63, as herein amended, recites a computer programmed to perform steps 
essentially similar to the steps recited in Claim 1. Thus, it is submitted that Claim 63 is 
patentable over Swor for reasons that correspond to those given with respect to Claim 1 . 

For at least the reasons as set forth above, Applicants respectfully request that the 35 
U.S.C, § 102(e) rejection of Claim 63 be withdrawn. 

Claims 64-75 depend from independent Claim 63 which is submitted to be in condition 
for allowance. When the recitations of Claims 64-75 are considered in combination with the 
recitations of Claim 63, Applicants submit that dependent Claims 64-75 are also patentable over 
Swor. 
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Claim 76 recites a computer program embodied on a computer readable medium for 
managing compliance risk assessment to enable businesses to develop broader and deeper 
coverage of compliance risks, using a network based system including a server system coupled 
to a centralized database and at least one client system, the computer program includes a code 
segment that "stores in the database compliance information including at least one questionnaire 
relating to compliance, compliance requirements for each functional area within a business, and 
persons responsible for compliance within each functional area within the business. . .displays a 
questionnaire on a client system associated with a person responsible for compliance with at least 
one functional area within the business, the questionnaire is transmitted from the server system 
to the client system of the compliance person and is generated using the compliance information 
stored within the database. . .receives a response inputted by the compliance person to the 
displayed questionnaire. , processes the response to the displayed questionnaire at the 
server. . .prioritizes compliance risks for the business including identifying compliance risks for 
each functional area within the business, and prioritizing the compliance risks from high to low 
based on a severity rating of non-compliance. . .identifies, for each compliance risk identified, 
potential compliance failure modes and potential causes and effects of such compliance failure 
modes. . .stores the risks, the risk priority, the failure modes, and the causes and effects in the 
database. . .calculates a risk prioritization number (RPN) for each compliance risk identified 
based on the data stored in the database, wherein the RPN represents a relative compliance risk 
of a particular failure mode. . .and recommends risk monitoring and control mechanisms to 
mitigate compliance risks based on the calculated RPNs." 

Claim 76 recites a computer program embodied on a computer readable medium that 
includes a code segment programmed to perform steps essentially similar to those recited in 
Claim 1 . Thus, it is submitted that Claim 76 is patentable over Swor for reasons that correspond 
to those given with respect to Claim 1 . 

For at least the reasons as set forth above, Applicants respectfully request that the 35 
U.S.C. § 102(e) rejection of Claim 76 be withdrawn. 

Claims 77-89 depend from independent Claim 76 which is submitted to be in condition 
for allowance. When the recitations of Claims 77-89 are considered in combination with the 
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recitations of Claim 76, Applicants submit that dependent Claims 77-89 are also patentable over 
Swor, 

Claims 90-1 18 have been cancelled. 

For at least the reasons set forth above, Applicants respectfully request that the Section 
102 rejection of Claims 1-1 18 be withdrawn. 

In view of the foregoing amendments and remarks, all the claims now active in this 
application are believed to be in condition for allowance. Reconsideration and favorable action 
is respectfully solicited. 



Respectfully Submitted, 



Daniel M Fitzgerald * 
Registration No. 38,880 
ARMSTRONG TEASDALE LLP 
One Metropolitan Square, Suite 2600 
St. Louis, Missouri 63102-2740 
(314) 621-5070 
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